Ransomware no longer targets just the low-hanging fruit, and good backups alone can’t protect you. IT organizations need to create a multi-layered defense that goes beyond cybersecurity to integrate modern data management strategies, especially for unstructured file data.
Besides the pandemic, ransomware has become one of the most serious threats to the global economy. It is no longer a question of “if” an organization will be attacked but “when”, according to Gartner. The research firm predicts that 75% of organizations will face one or more attacks by 2025. The National Security Institute found that the average ransomware payout was $200,000 in 2020, up from just $5,000 two years ago, as ransomware gangs have resorted to more aggressive tactics to get what they want. Large-scale attacks on businesses, the latest on Accenture, regularly make headlines. The United States is the largest region for such attacks, and ransomware accounted for 30% of all US-based cyber attacks in 2020, more than double the global rate.
Why is ransomware worse now?
Word among security experts is that the COVID-19 pandemic, with the resulting lockdowns and work-from-home mandates, has created a tantalizing new opportunity for hackers. Employees working remotely sometimes use unsecured personal devices and vulnerable networks to access their work applications and information, through easily compromised Remote Desktop Protocol (RDP) software and VPNs that are not always configured or secured properly. This has led to a perfect storm of vulnerability, even in the largest companies with massive IT budgets and large teams in place. Ransomware attacks are also increasingly sophisticated. They often occur in multiple stages: penetrating the network first, then stealing credentials and attacking backup systems. This can happen over weeks or months, and businesses often don’t know they are under attack until files become encrypted and unusable.
The impact on data storage
Ransomware gangs are also diversifying, attacking the entire IT infrastructure, not just servers and applications. In 2021, network-attached storage (NAS) device maker QNAP alerted its customers that the eCh0raix ransomware was attacking its NAS devices, especially those with weak passwords, as discussed in this ransomware paper by ESET.
This is troubling, as data growth is exploding and 80% of data in organizations is now unstructured file data stored either in NAS storage or in the cloud.
The Unstructured File Data Ransomware Challenge
Protecting file data is tricky due to its size, variety, and rapid growth rate. IT departments need to create a layered policy, which means that in addition to keeping local backup copies, they also need to keep an additional external copy that cannot be infected.
But it quickly gets expensive: we’re talking about major sticker shock. Many organizations have petabytes of file data; a petabyte can easily be a few billion files. Companies are already struggling to back up all this data. Adding another copy can give the CFO a serious headache. The good news is that it is possible to create a cost-effective layered strategy. Here’s how:
Prioritize visibility and audits
Early detection of ransomware by monitoring activity and identifying threats and anomalies in networks and infrastructure is an important goal. Analysis of data usage by unstructured data management tools may reveal suspicious file activity, such as an abnormal amount of reads and writes. While early detection is the ideal first line of defense, it is not foolproof, as ransomware attacks are constantly evolving. Storage managers should have analytics dashboards showing key metrics across all on-premises and cloud data usage. Most (80%) of the file data is generally cold and has not been used for a year or more. Knowing which data is hot and actively used and which is not is the key to building a cost-effective multi-layered defense.
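As an added illustration of the "abnormal amount of reads and writes" signal (example code, not from the original article or any product), the sketch below counts write operations per account in fixed windows and flags a window that far exceeds that account's own median. The event format, account names, window size and thresholds are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample_events():
    """Constructed audit records (minute, account, operation); not real log data."""
    events = []
    for minute in range(60):
        events.append((minute, "alice", "write"))
        events.append((minute, "bob", "read"))
        if minute % 2 == 0:
            events.append((minute, "bob", "write"))
    # svc-scan behaves normally for 50 minutes, then rewrites files in bulk.
    for minute in range(50):
        events.append((minute, "svc-scan", "write"))
    for minute in range(50, 60):
        events.extend([(minute, "svc-scan", "write")] * 400)
    return events

def writes_per_window(events, window_minutes=10):
    """Count write operations per account per fixed time window."""
    counts = defaultdict(Counter)
    for minute, account, op in events:
        if op == "write":
            counts[account][minute // window_minutes] += 1
    return counts

def flag_write_bursts(events, window_minutes=10, factor=10, floor=100):
    """Return (account, window, count) for windows whose write count is at
    least `floor` and more than `factor` times the account's median window."""
    alerts = []
    for account, windows in writes_per_window(events, window_minutes).items():
        baseline = median(windows.values())  # median resists the burst itself
        for window, count in sorted(windows.items()):
            if count >= floor and count > factor * baseline:
                alerts.append((account, window, count))
    return alerts

if __name__ == "__main__":
    for account, window, count in flag_write_bursts(build_sample_events()):
        print(f"ALERT {account}: {count} writes in window {window}")
```

A per-account baseline keeps a busy but normal account from drowning out a quiet account that suddenly rewrites thousands of files; the `floor` value suppresses alerts on accounts with tiny baselines.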
Create a multi-layered data management defense
- Snapshots and backups for hot data. Snapshots and backups keep track of changes to data as it is updated. They are needed on hot and active data to protect against user or system failures, but they can also be attacked by ransomware and, if an attack goes undetected for days, can end up “protecting” corrupted data. Ransomware protection requires an additional copy of this data in storage that is immutable (meaning it cannot be overwritten) and located in a separate physical location such as the cloud. All of this can get expensive, which is why you want to use backups only on hot, active data, which typically makes up 20% of the footprint.
- Cloud tiering and immutable storage for cold data. A mantra of modern data management is that not all data should be treated the same. By tiering cold data from a premium NAS to object-locked cloud storage, you get an immutable copy of cold file data at a fraction of the cost. Ransomware cannot rewrite it. Moving cold data to object storage also reduces your backup footprint, which is another ransomware defense, and lowers backup license costs. Yes, you can also create a disaster recovery (DR) copy of data on tape, but recovery times will be significantly longer, and physical backup solutions have become less attractive in the cloud age.
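The hot/cold split behind these two layers can be computed from a file inventory. The following is an added example, not code from the original article: it treats a file as cold when it has not been used for a year or more, assigns each tier the protection described above, and reports each tier's share of the footprint. The inventory rows, paths, and the choice to take the later of access and modify time are assumptions.

```python
from datetime import datetime, timedelta

COLD_AFTER = timedelta(days=365)   # "not been used for a year or more"
GIB = 2**30
NOW = datetime(2021, 9, 1)         # fixed "today" so the result is reproducible

# Constructed inventory rows: (path, size_bytes, last_access, last_modify).
SAMPLE_INVENTORY = [
    ("/nas/projects/q3-forecast.xlsx", 5 * GIB, datetime(2021, 8, 30), datetime(2021, 8, 30)),
    # Stale access time but recent modify time, as seen on noatime mounts.
    ("/nas/projects/build-cache.tar", 15 * GIB, datetime(2019, 1, 1), datetime(2021, 8, 1)),
    ("/nas/archive/2018-scans.zip", 50 * GIB, datetime(2019, 3, 1), datetime(2018, 12, 1)),
    ("/nas/archive/2017-video.mov", 30 * GIB, datetime(2020, 6, 1), datetime(2017, 5, 1)),
]

PROTECTION = {
    "hot": "snapshots and backups, plus an immutable copy in a separate location",
    "cold": "tier to object-locked cloud storage and remove from the backup set",
}

def classify(last_access, last_modify, now):
    """Cold if neither a read nor a write happened within COLD_AFTER."""
    last_used = max(last_access, last_modify)  # access time alone can be stale
    return "cold" if now - last_used >= COLD_AFTER else "hot"

def build_plan(inventory, now):
    """Group files by tier and compute each tier's share of total bytes."""
    plan = {tier: {"paths": [], "bytes": 0, "protection": PROTECTION[tier]}
            for tier in PROTECTION}
    for path, size, atime, mtime in inventory:
        tier = classify(atime, mtime, now)
        plan[tier]["paths"].append(path)
        plan[tier]["bytes"] += size
    total = sum(t["bytes"] for t in plan.values())
    for t in plan.values():
        t["share"] = t["bytes"] / total if total else 0.0
    return plan

if __name__ == "__main__":
    for tier, info in build_plan(SAMPLE_INVENTORY, NOW).items():
        print(f"{tier}: {info['share']:.0%} of bytes -> {info['protection']}")
```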
Have a plan and validate it
With these components in place, your team should also have action plans ready to respond to various attack scenarios. The time to find out whether your plans can be executed isn’t when hackers have succeeded and are laughing behind their screens. Plans should be documented and tested to ensure data is protected, with fast recovery and alternative data access methods, so that you can continue to operate without disruption and without paying large ransoms.
The fight against ransomware extends beyond the security team to all aspects of corporate IT, including data storage. With unstructured data management, storage professionals can complement the efforts of their security colleagues by adopting a layered defense strategy that begins with real-time visibility into all storage and incorporates snapshots, backups and object-locked cloud storage. Your cybersecurity team will thank you. As cybercriminals become more creative and aggressive, data management professionals will need to step up their game with a more nuanced approach to the disaster recovery plan.